A Deep Dive on AWS KMS Key Access and AWS Key Grants https://www.cloudquery.io/blog/aws-kms-key-grants-deep-dive
CloudQuery
A Deep Dive on AWS KMS Key Access and AWS Key Grants | CloudQuery
A Technical Deep Dive on AWS KMS Key Access and AWS Key Grants.
Gregor Samsa: Exploiting Java's XML Signature Verification https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html
Blogspot
Gregor Samsa: Exploiting Java's XML Signature Verification
By Felix Wilhelm, Project Zero Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A cus...
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Rapid7
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | Rapid7 Blog
Dark Web Price Index 2022 https://www.privacyaffairs.com/dark-web-price-index-2022/ good plot here » https://www.visualcapitalist.com/wp-content/uploads/2022/11/Charted-The-Dark-Web-Price-Index-2022-Full.html
Privacy Affairs
Dark Web Price Index 2022 - Dark Web Prices of Personal Data
To see just how prevalently items of personal data are listed on the dark web in 2022, and at what price, we went on a data-gathering mission.
Bypassing AV/EDR Hooks via Vectored Syscall - POC https://www.cyberwarfare.live/blog/vectored-syscall-poc
CyberWarfare Labs
Blog - CWL : Advanced Cyber Attack & Detection Learning Platform
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
Zero Day Initiative
Zero Day Initiative — Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After…
Windows Kernel: Exploit CVE-2022-35803 in Common Log File System https://blog.northseapwn.top/2022/11/11/Windows-Kernel-Exploit-CVE-2022-35803-in-Common-Log-File-System/index.html
blog.northseapwn.top
Windows Kernel: Exploit CVE-2022-35803 in Common Log File System
NorthSea's Blog
Reversing and Exploiting Samsung's NPU (Part 1) https://blog.impalabs.com/2103_reversing-samsung-npu.html
Impalabs
Reversing and Exploiting Samsung's NPU (Part 1)
This series of blog posts aims to describe and explain the internals of a recent addition to Samsung's system-on-chips, namely their Neural Processing Unit. The first part digs into the internals of the NPU and the second one focuses on the exploitation of…
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) https://research.nccgroup.com/2022/11/17/cve-2022-45163/
NCC Group Research Blog
Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Vendor: NXP Semiconductors Vendor URL: Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid Author: Jon Szymaniak <jon.szymaniak(at…
GRU 26165: The Russian cyber unit that hacks targets on-site https://www.atlanticcouncil.org/content-series/tech-at-the-leading-edge/the-russian-cyber-unit-that-hacks-targets-on-site/
Atlantic Council
GRU 26165: The Russian cyber unit that hacks targets on-site
Russian hackers are not always breaching targets from afar, typing on their keyboards in Moscow bunkers or St. Petersburg apartment buildings. Enter GRU Unit 26165, a military cyber unit with hackers operating remotely and on-site. Going forward, Western…
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
https://blog.cyble.com/2022/11/18/axlocker-octocrypt-and-alice-leading-a-new-wave-of-ransomware-campaigns/
Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg
https://www.archcloudlabs.com/projects/loadlibrary-analysis/
Arch Cloud Labs
Analysis of a LoadLibraryA Stack String Obfuscation Technique with Radare2 & x86dbg
About the Project Today, we’re going to analyze a malicious binary recently identified by Arch Cloud Labs malware collection system “Archie”. This binary leverages the LoadLibraryA function to resolve DLLs at run time for additional functionality. Malware…
Attacking on Behalf of Defense: DLL Sideloading EDR Binaries https://mansk1es.gitbook.io/edr-binary-abuse/
mansk1es.gitbook.io
Attacking on Behalf of Defense: DLL Sideloading EDR Binaries | Evasion
by Naor Hodorov
Divin'n'phishin with executable filetypes on Windows https://www.bencteux.fr/posts/filetypes/
Jeffrey Bencteux
Divin'n'phishin with executable filetypes on Windows
In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple…
Forensic artifacts in Office 365 and where to find them
https://techcommunity.microsoft.com/t5/microsoft-security-experts/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
TECHCOMMUNITY.MICROSOFT.COM
Forensic artifacts in Office 365 and where to find them
In the Microsoft Incident Response (formerly DART/CRSP) team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During this process there are a couple of questions we consistently stumble across: Where…
A dive into Microsoft Defender for Identity https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
Synacktiv
A dive into Microsoft Defender for Identity
Aurora: a rising stealer flying under the radar
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
Sekoia.io Blog
Aurora: a rising stealer flying under the radar
Since September 2022, the Aurora malware has been advertised as an infostealer, and several traffer teams have announced that they added it to their malware toolset.
Bahamut cybermercenary group targets Android users with fake VPN apps https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/
WeLiveSecurity
Bahamut cybermercenary group targets Android users with fake VPN apps
ESET researchers uncover an active campaign where the Bahamut APT targets Android users via trojanized versions of two legitimate VPN apps.
A Comprehensive Look at Emotet Virus’ Fall 2022 Return https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return
Proofpoint
Emotet Malware Is Back - Virus Analysis | Proofpoint US
The Emotet malware has returned. Read more about the return of Emotet malware in 2022, what this means for you, and how to protect against it.
Grafana RCE via SMTP server parameter injection https://hackerone.com/reports/1200647
HackerOne
Aiven Ltd disclosed on HackerOne: Grafana RCE via SMTP server...
## Summary:
This report is similar to [#1180653](https://hackerone.com/reports/1180653), except with different parameter injection entrypoint.
SMTP server password configuration setting accepts...